TIAPS Module 1 Audit and Assurance workbook
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
circumstances (unethical <strong>and</strong> often but not always illegal), <strong>and</strong> tend to provide a<br />
rationalization to themselves <strong>and</strong> anyone else (such as when they are caught) in terms of<br />
their needs or perceived entitlement (“everyone else is doing it,” “the organization deserves it<br />
for having weak controls,” “it’s only $100,” “I need it more than they do,” “it’s a victimless<br />
crime,” etc.). Often individuals start committing fraud with a small value or with the intention<br />
of only doing it once but the temptation <strong>and</strong> the rationalization increase. Motivation,<br />
opportunity, <strong>and</strong> rationalization are the key elements of the fraud risk triangle <strong>and</strong> provide a<br />
basis for considering appropriate controls for each of these dynamics. Organizations must:<br />
• Reduce motivation (through ethical training <strong>and</strong> by addressing signs of stress).<br />
• Limit opportunity (through awareness raising <strong>and</strong> segregation of incompatible duties,<br />
for example).<br />
• Combat potential rationalization (through being seen to take fraud seriously, dealing<br />
with incidents fairly <strong>and</strong> swiftly, <strong>and</strong> providing fair compensation to all).<br />
Figure: Controls for the Primary Causes of Fraud (based on the Cressey Fraud Risk<br />
Triangle)<br />
The IIA Practice Guide: Internal <strong>Audit</strong> <strong>and</strong> Fraud – Assessing Fraud Risk Governance <strong>and</strong><br />
Management at the Organizational Level distinguishes three aspects an internal auditor<br />
must be aware of when evaluating risks <strong>and</strong> controls:<br />
• Fraud risks – the potential for fraud (which is ever-present).<br />
• Fraud schemes – active plans by individuals or groups to commit fraud.<br />
• Fraud events – where fraud has been committed. 56<br />
56<br />
IIA Practice Guide: Internal <strong>Audit</strong> <strong>and</strong> Fraud – Assessing Fraud Risk Governance <strong>and</strong> Management at the Organizational<br />
Level, 2nd edition, 2022.<br />
61